res/res_config_odbc: Fix improper escaping of backslashes with MySQL

When escaping backslashes with MySQL, the proper way to escape the characters in a LIKE clause is to escape the '\' four times, i.e., '\\\\'. To quote the MySQL manual: "Because MySQL uses C escape syntax in strings (for example, “\n” to represent a newline character), you must double any “\” that you use in LIKE strings. For example, to search for “\n”, specify it as “\\n”. To search for “\”, specify it as “\\\\”; this is because the backslashes are stripped once by the parser and again when the pattern match is made, leaving a single backslash to be matched against." ASTERISK-24808 #close Reported by: Javier Acosta patches: res_config_odbc.diff uploaded by Javier Acosta (License 6690) git-svn-id: https://origsvn.digium.com/svn/asterisk/branches/11@432720 65c4cc65-6c06-0410-ace0-fbb531ad65f3
10 years ago · 964000772d
parent 6c61b4e37e
commit 964000772d
1 changed files with 4 additions and 4 deletions
--- a/res/res_config_odbc.c
+++ b/res/res_config_odbc.c
@ -209,11 +209,11 @@ static struct ast_variable *realtime_odbc(const char *database, const char *tabl
 	va_arg(aq, const char *);
 	op = !strchr(newparam, ' ') ? " =" : "";
 	snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, newparam, op,
-		strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+		strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
 	while((newparam = va_arg(aq, const char *))) {
 		op = !strchr(newparam, ' ') ? " =" : "";
 		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
-			strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+			strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
 		va_arg(aq, const char *);
 	}
 	va_end(aq);
@ -385,11 +385,11 @@ static struct ast_config *realtime_multi_odbc(const char *database, const char *
 	va_arg(aq, const char *);
 	op = !strchr(newparam, ' ') ? " =" : "";
 	snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s ?%s", table, newparam, op,
-		strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+		strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
 	while((newparam = va_arg(aq, const char *))) {
 		op = !strchr(newparam, ' ') ? " =" : "";
 		snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND %s%s ?%s", newparam, op,
-			strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\'" : "");
+			strcasestr(newparam, "LIKE") && !ast_odbc_backslash_is_escape(obj) ? " ESCAPE '\\\\'" : "");
 		va_arg(aq, const char *);
 	}
 	va_end(aq);